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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 - 5, 7 - 14, 21 -24, 29-31 and 33 are rejected under 35 U.S.C. 
103(a) as being unpatentable over "A Framework for Inter-ORB Request Level Bridge 
Construction" (herein after Steinder) in view of U.S. Patent No. 5,742,759 to Nessett. 

As to claim 1 , Steinder teaches (Mapping object references from HOP domain, p. 
10) a gateway between a first network and a second network (mapping or bridging 
mechanism resides at the boundary between domains; p. 2, Section 2), the system 
comprising: 

interface means (lnterORB_Proxy uses standard CORBA interfaces) to receive 
from the first network a message (request from the client's ORB) intended for an object 
in the second (server's ORB) network (lnterORB_Proxy uses standard CORBA 
interfaces to translate request from the client's ORB to the server's ORB; Section 5.1 , p. 
7), the message including an identifier for a further object in either the first or second 
network (a request arriving from HOP domain to the server ORB may contain IOR 
references which have to be mapped to the server's ORB proprietary form); 

means (half-bridge) to generate further interface means (new half-bridge with 
lnterORB_Proxy inside) for receiving from the second network messages for the further 
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object (half-bridge must create a new half-bridge with lnterORB_Proxy inside which 
encapsulates the reference); 

means to replace the received identifier (replace IOR in the request) with the new 
identifier (reference specific for this domain) in the message (lnterORB_Proxy object 
possesses a reference specific for this domain which replace IOR in the request); and 

means to forward the message to the object in the second network (reference 
returned in LocateReply is a final reference to be used during a call). 

Steinder also teaches (p. 9, Reference Translation; p. 10, Mapping object 
references from HOP domain) means to form a new identifier (mapped from their 
proprietary from to an Interoperable Object Reference for HOP) for the further interface 
means (lnterORB_Proxy object possesses a reference specific for this domain which 
replace IOR in the request). Steinder does not specify the new identifier including 
check data resulting from a hash operation for checking the validity of the or at least 
part of the new identifier. 

However, Nessett teaches securely controlling access to resources in a 
distributed computer system (col. 3, lines 10-22) and an identifier (object reference) 
including check data (checksum) resulting from a hash operation (object reference may 
be run through a cryptographic one-way hash function to produce a cryptographic 
checksum on the object reference data... cryptographic checksum is also saved in or 
associated with the spreadsheet object reference; col. 7, lines 38 - 53) for checking the 
validity of the or at least part of the new identifier (server compares the retrieved 
checksum with the recomputed checksum.. .if the checksums match then the 
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spreadsheet server permits the compound document server to retrieve the necessary 
data; col. 8, lines 50 -63). 

It would have been obvious to a person of ordinarily skilled in the art at the time 
of the invention to apply the teaching of including check data in an identifier as taught by 
Nessett to the invention of Steinder because this provides the object reference with 
greater protection against forgery (col. 7, lines 50 - 52 of Nessett). 

As to claim 33, this is a method claim that corresponds to system 1 ; note the 
rejection to claim 1 above, which also meets this method claim. 

As to claim 2, Steinder teaches (Mapping object references from HOP domain, p. 
10) the new identifier includes information to enable subsequent recovery by the system 
of the received identifier (lnterORB_Proxy encapsulates the reference). 

As to claim 3, Steinder teaches (Section 5.4, p. 9) the new identifier includes a 
representation of the received identifier (opaque reference form is encapsulated in the 
object_key field). 

As to claim 4, Siteinder teaches (Section 5.4, p. 9) the new identifier includes an 
indication of the identity of the received identifier and the system includes means to 
associate said indication with said received identifier (fill out the ProfileBody 
structure... the opaque reference is encapsulated in the object_key field... host and port 
of this structure are assigned host name and port number of some HOP domain object 
which is able to support this reference in the case of calling it). 

As to claim 5, Steinder teaches (Section 5.4, p. 9) means to include in the new 
identifier a name tag (name and port number of some HOP domain object) to identify the 
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interface means (host and port of this structure are assigned host name and port 
number of some HOP domain object which is able to support this reference in the case 
of calling it). 

As to claim 7, Steinder as modified teaches the check data is a result of a hash 
operation enacted on at least part of the identifier and a secret (object reference may be 
run through a cryptographic one-way hash function to produce a cryptographic 
checksum on the object reference data. ..cryptographic checksum is also saved in or 
associated with the spreadsheet object reference; col. 7, lines 38 - 53 of Nessett). 

As to claims 8 and 9, Steinder teaches (Section 5.4, p. 9) means to include in the 
new identifier an indication that the received identifier was received in a message from 
the first or second network (ProfileBody structure includes host and port). 

As to claim 10, Steinder teaches (Section 5.4, p. 9) form the new identifier 
(ProfileBody structure) on the basis of the determined origin (opaque reference is 
encapsulated in the object_key field). 

As to claims 1 1 and 13, Steinder teaches {Eager reference mapping to HOP 
domain, p. 10) if the received identifier originated in the first network, the means to form 
the new identifier forms a new identifier including information to enable subsequent 
recovery by the system of the received identifier (IOR including host name and port 
number is sent to the half-bridge on the server's side... recipient creates a half-bridge for 
server environment... a reference of the lnterORB_Proxy inside the newly created half- 
bridge is sent to the server in the Request message). 
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As to claim 12, Steinder teaches (Lazy reference mapping to HOP domain, p. 10) 
if the received identifier originated in the second network, having passed through the 
system from the second network to the first network (LocateReply will contain IOR 
which points to the lnterORB_Proxy inside the created half-bridge), the means to form 
the new identifier forms a new identifier comprising an original identifier recovered from 
information included in the received identifier (a Bridge Factory is introduced in each 
cooperating environment... its host name and port number are used to fill the 
ProfiieBody field of the IOR). 

As to claim 14, Steinder teaches (Section 5.1, p. 7 - 8) comprising means to 
detect a name tag (char * PeerRef) in the message. 

As to claim 21 , Steinder teaches (Section 5.1 , p. 7; Determining Foreign Object 
Reference at connection establishment stage, p. 1 0 - 1 1 ) the means to generate the 
further interface means comprises means to determine (finding the server object 
reference and creating its lnterORB_Proxy) on the basis of the received identifier 
whether a template (the lnterORB_Proxy is implemented as a template) for an 
appropriate further interface means is already known to the system. 

As to claims 22 and 24, Steinder teaches (Determining Foreign Object Reference 
at connection establishment stage, p. 10 - 1 1) the means to generate the further 
interface means comprises means, which is operable in the event an appropriate 
template is not known to the system, to obtain an appropriate template from a remote 
repository (a search for foreign object references and creation of lnterORB_Proxies for 
them is managed by a special trading protocol). 
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As to claim 23, Steinder teaches (Section 5.1, p. 7) the means to generate the 
further interface means comprises means, which is operable in the event no appropriate 
template is known to the system and/or an appropriate template is not recoverable from 
a remote repository, to obtain a generic template (lnterORB_Proxy uses standard 
CORBA interfaces... new CORBA module will inherit from the old one). 

As to claim 29, Steinder teaches (Section 5.4, p. 9) wherein the received 
identifier is an Interoperable Object Reference (Interoperable Object Reference) having 
the form IOR [host: port: key] (opaque reference is encapsulated in the object_key 
field... host and port of are assigned host name and port number). 

As to claim 30, Steinder teaches (Section 5.4, p. 9) the new identifier 
(ProfileBody structure) is an Interoperable Object Reference (Interoperable Object 
Reference) having the form IOR[host x: port x: key x] (object_key field... host and port), 
wherein key x includes information to enable subsequent recovery by the system of the 
received identifier (opaque reference is encapsulated in the object_key field). 

As to 31 , Steinder teaches (Section 5.4, p. 9) wherein key x includes a 
representation of the received object reference IOR[host i: port i: key i] (opaque 
reference is encapsulated in the object_key field). 

3. Claims 15-20, and 32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Steinder and Nessett in view of "ORB 2.0 RFP Submission" 
(hereinafter IONA). 

As to claims 15, 17 and 18, Steinder as modified does not teach determining if an 
object is valid and available to receive messages. 
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However, IONA teaches (p. 29) checking validity of an identifier (most ORBs 
provide the ability to determine if an object reference is still valid) determine whether the 
object in the second network is valid and is still available to receive messages 
(gatewayed objects that have not been used in a long time could be checked to see if 
they no longer exist). 

It would have been obvious to a person of ordinarily skilled in the art at the time 
of the invention to apply the teaching of checking validity of an identifier as taught by 
IONA to the invention of Steinder as modified because gatewayed objects that have not 
been used in a long time could be checked to see if they no longer exist and, if they 
have been deleted, the proxy may also be deleted (p. 29 of IONA). 

As to claim 16, Steinder as modified teaches (Section 4.5.1, p. 25 of IONA) a 
naming service (name services) and the presence or absence of a name tag being 
indicative of whether the object associated with the name tag is available or not 
(gatewayed objects that have not been used in a long time could be checked to see if 
they no longer exist and if they have been deleted, the proxy may also be deleted). 

As to claim 32, Steinder teaches (Section 5.1, p. 7 - 8; Section 5.4, p. 9) key x 
includes: an identifier to indicate from which network the object reference originated 
(opaque reference is encapsulated in the object_key field) and a name tag (char * 
PeerRef) associated with an identity of the gateway process. As to check data for 
verifying the validity of the object reference, see the rejection to claim 1 above. 

As to claim 19, see the rejection to claim 7 above. 
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As to claim 20, Steinder as modified teaches the secret is stored by and only 
accessible by the gateway (server object generates an unforgeable number and stores 
the unforgeable number with the spreadsheet object; col, 5, lines 23 - 55 of Nessett). 
4. Claims 25 - 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Steinder and Nessett in view of U.S. Patent No. 5,991 ,877 to Luckenbaugh. 

As to claim 25, Steinder as modified does not teach a trusted operating system. 

However, Luckenbaugh teaches (column 4, line 57 - column 5, line 5; column 
10, lines 10-40) teaches a trusted operating system (access control system includes a 
trusted framework). 

It would have been obvious to a person of ordinarily skilled in the art to apply the 
teaching of a trusted operating system as taught by Luckenbaugh to the invention of 
Steinder as modified because this provides fine-grained security access authorizations 
(column 2, lines 39 - 55 of Luckenbaugh). 

As to claim 26, Steinder as modified teaches (column 8, lines 20 - 50; column 9, 
lines 23 - 31 ; column 1 0, lines 30 - 40 of Luckenbaugh) the trusted operating system 
enforces Mandatory Access Control (MAC and role-based policies). 

As to claim 27, Steinder as modified teaches (column 6, line 42 - column 7, line 
30; column 8, lines 1-48 Luckenbaugh) comprising at least two logical compartments 
(client 301 and server 302, Fig. 3) and a trusted relay process (AuthClient class 140, 
Fig. 3) that has privileges necessary to pass messages between the two compartments, 
wherein the first network and the respective interface means are associated with a first 
compartment and the second network is associated with a second compartment (policy 
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manager of 310a of the client 301 must issue the appropriate call through an AuthClient 
object 140 to invoke an appropriate return by the interaction of an authenticator object 
130 and the policy manager 310b of the server 302, Fig. 3). 

As to claim 28, Steinder as modified teaches (column 8, lines 20 - 50 of 
Luckenbaugh) wherein a secret (name and password), usable by the system in a hash 
operation for validating object references (authentication protocol between the client 
and server), is associated with a third compartment (Authenticator 130, Fig. 3), and 
wherein only the trusted relay process has the privileges necessary to retrieve the 
secret from the further compartment in order to enact a hash operation (instances of the 
AuthClient class 140 contains objects which preferably provide an interface... to collect 
information concerning the client which are needed for particular authorization 
policies... any number of additional interfaces to accommodate other existing or custom 
authorization protocols can be provided). 
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Conclusion 



5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Li B. Zhen whose telephone number is (703) 305-3406. 
The examiner can normally be reached on Mon - Fri, 8am - 4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A. Follansbee can be reached on (703) 305-8498. The fax phone 
number for the organization where this application or proceeding is assigned is (703) 
872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 



Li B. Zhen 
Examiner 
Art Unit 2126 



Ibz 

December 5, 2003 




